[wasm] Don't overwrite register in atomic.notify if it is still used

In atomic.notify we overwrote the register which stored the index,
without checking if it was still in use or not.

R=clemensb@chromium.org

Bug: v8:10898
Change-Id: I59ed7a2c1f1342ff4252e3c4d33822111caee82c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2426616
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70125}
This commit is contained in:
Andreas Haas 2020-09-24 19:57:04 +02:00 committed by Commit Bot
parent b728ad817e
commit 4af3a33327
2 changed files with 53 additions and 2 deletions

View File

@ -3307,7 +3307,14 @@ class LiftoffCompiler {
uint32_t offset = imm.offset;
index = AddMemoryMasking(index, &offset, &pinned);
if (offset) __ emit_i32_addi(index, index, offset);
Register index_plus_offset = index;
if (offset) {
if (__ cache_state()->is_used(LiftoffRegister(index))) {
index_plus_offset =
pinned.set(__ GetUnusedRegister(kGpReg, pinned)).gp();
}
__ emit_i32_addi(index_plus_offset, index, offset);
}
// TODO(ahaas): Use PrepareCall to prepare parameters.
__ SpillAllRegisters();
@ -3316,7 +3323,7 @@ class LiftoffCompiler {
DCHECK_EQ(0, descriptor.GetStackParameterCount());
DCHECK_EQ(2, descriptor.GetRegisterParameterCount());
__ ParallelRegisterMove(
{{descriptor.GetRegisterParameter(0), index, kWasmI32},
{{descriptor.GetRegisterParameter(0), index_plus_offset, kWasmI32},
{descriptor.GetRegisterParameter(1), count, kWasmI32}});
__ CallRuntimeStub(WasmCode::kWasmAtomicNotify);

View File

@ -0,0 +1,44 @@
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --wasm-staging
load('test/mjsunit/wasm/wasm-module-builder.js');
const builder = new WasmModuleBuilder();
builder.addMemory(1, 1, false, true);
builder.addDataSegment(2, [0x12, 0x00, 0x1c]);
builder.addDataSegment(17,
[0x00, 0x00, 0x96, 0x00, 0x00, 0x00, 0xc2, 0x00, 0xb33, 0x03, 0xf6, 0x0e]);
builder.addDataSegment(41,
[0x00, 0xdb, 0xa6, 0xa6, 0x00, 0xe9, 0x1c, 0x06, 0xac]);
builder.addDataSegment(57, [0x00, 0x00, 0x00, 0x00, 0xda, 0xc0, 0xbe]);
builder.addType(makeSig([kWasmI32], [kWasmI32]));
builder.addType(makeSig([kWasmF32], [kWasmF32]));
builder.addType(makeSig([kWasmF64], [kWasmF64]));
// Generate function 1 (out of 3).
builder.addFunction(undefined, 0 /* sig */)
.addBodyWithEnd([
// signature: i_i
// body:
kExprF32Const, 0x00, 0x00, 0x00, 0x00, // f32.const
kExprF32Const, 0x00, 0x00, 0x00, 0x00, // f32.const
kExprF32Le, // f32.le
kExprLocalTee, 0x00, // local.tee
kExprI32Const, 0xff, 0x00, // i32.const
kAtomicPrefix, kExprAtomicNotify, 0x02, 0x03, // atomic.notify
kExprI32LoadMem16S, 0x00, 0x02, // i32.load16_s
kExprIf, kWasmStmt, // if @28
kExprLocalGet, 0x00, // local.get
kExprReturn, // return
kExprElse, // else @33
kExprUnreachable, // unreachable
kExprEnd, // end @35
kExprUnreachable, // unreachable
kExprEnd, // end @37
]);
builder.addExport('func_194', 0);
let instance = builder.instantiate();
assertEquals(1, instance.exports.func_194(0));